New SL Enquirer article, and more about account hijacking


On Friday, November 28, The Green Lanterns was featured in an SL Enquirer article entitled The Green Lanterns of Second Life – The True Virtual Super Heroes – Debby Sharma Reporting. It’s always a pleasure to read another interesting and informative article in the award-winning Enquirer.

One of the main points in the article is the fairly recent phishing scheme that has caught so many unsuspecting residents and caused so many problems. Let’s go into the specifics of how that scheme works:

  • You get an IM from one of your trusted friends, saying something like “Click the link to see my new Marketplace store.” You didn’t know your friend had a store, so you click the link, not really paying attention to the URL (the Internet address).
  • The link takes you to a login page asking for your Second Life username and password. The login page is not associated with Second Life, but you are not paying attention so you don’t notice that.
  • You put in your username and password and click the “Submit” button. You just gave your password to a hacker.
  • You may get an error message, or you may be taken to the main page of the Second Life Marketplace. Either way, you don’t see your friend’s store.
  • You may send an IM back to your friend to say that the link didn’t work. You won’t get a reply.
  • You decide that this is just Second Life being weird again, so you go on and do something else.
  • Next time you try to go into Second Life, you get a message saying that your password is wrong. You are unable to log in, either using your SL viewer or on the SL website. You might try to use the password recovery link to have a new password sent to your email address. That doesn’t work either.
  • You are locked out of Second Life because the hacker has changed your account’s password and email address. He transfers all of your Lindens into his account.
  • The hacker sends out an IM to all of your friends, asking them to visit your new store on the Marketplace, and providing a link to his hacker website where they will be asked for their Second Life username and password.
  • Most of your friends look at the URL and notice that it doesn’t go to the actual Second Life Marketplace, so they don’t click on it.
  • Some of your friends don’t notice the bad URL, so they click it and put in their username and password. Their accounts get hijacked too, and the cycle continues.

Here’s the message I received from a good friend of mine back in February: “ola,visite minha loja no site http://www.seconllifemarcketplace.comyr.com/ Obrigada.” In English, this says “hello, visit my store on the site http://www.seconllifemarcketplace.comyr.com/ Thank you.” The link just goes to an error page now, because the hacker’s login page that steals your password was removed long ago. But you can see by looking at the URL that it’s going to a website that’s NOT marketplace.secondlife.com. No one who is really paying attention would believe that that link, with its weird misspellings and the bogus URL, was an official page. But some people don’t pay attention, so they will get caught.
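The check described above, "look at the URL and see whether it really goes to secondlife.com," can be written down as a small script. This is an added example, not code from the original post or from Linden Lab; it assumes secondlife.com is the only trusted domain, and the 0.8 similarity threshold and all sample URLs other than the one quoted in the IM are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "secondlife.com"   # assumption: the only domain trusted here
BRAND = "secondlife"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_official(url):
    """True only if the host the browser connects to is secondlife.com or a subdomain."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def imitates_brand(url, threshold=0.8):
    """True if the authority part (user info + host) contains text close to BRAND."""
    text = re.sub(r"[^a-z0-9]", "", urlsplit(url).netloc.lower())
    for i in range(len(text) - len(BRAND) + 1):
        window = text[i:i + len(BRAND)]
        if SequenceMatcher(None, window, BRAND).ratio() >= threshold:
            return True
    return False

def classify(url):
    """'official', 'lookalike' (borrows the brand but is not official), or 'unrelated'."""
    if is_official(url):
        return "official"
    return "lookalike" if imitates_brand(url) else "unrelated"

def check_message(text):
    """Pull every http(s) link out of an IM or notecard and classify it."""
    urls = [u.rstrip(".,)") for u in URL_RE.findall(text)]
    return [(u, classify(u)) for u in urls]

if __name__ == "__main__":
    # First message is the IM quoted in the post; the rest are constructed samples.
    messages = [
        "ola,visite minha loja no site http://www.seconllifemarcketplace.comyr.com/ Obrigada.",
        "My store: https://marketplace.secondlife.com/",
        "Log in at https://marketplace.secondlife.com.example.net/login",   # real name used as a subdomain
        "Log in at http://marketplace.secondlife.com@example.net/",         # real name placed before the @
        "Nice blog: https://example.org/page",
    ]
    for msg in messages:
        for url, verdict in check_message(msg):
            print(f"{verdict:10} {url}")
```

The two constructed "Log in at" samples show why reading only the start of a link is not enough: the real host is whatever comes last before the first single slash, and after any @ sign.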

Another common type of phishing scheme happens when someone gives you a notecard or sends you an IM in Second Life, advertising a great new viewer that eliminates all lag or allows you to do something amazing that your normal viewer just won’t do. The message might contain a link that asks you to go to a website and install this new viewer that you have never heard of before. After you install it, you will have to enter your SL username and password to log in. When you do that, the hacker who created the viewer now has your password. Sooner or later you will find that all your Lindens are gone, most of the items in your inventory are missing, your avatar is messed up, your friends are angry because someone posing as you came in and griefed them, or something else bad has happened to disrupt your Second Life. If someone is asking you to install an SL viewer that is not listed in the official Second Life Third Party Viewer Directory, I would recommend not installing it, and you should report the person who gave you the link by writing an Abuse Report.

Second Life is a safe place if you are not careless with your personal information. No one can steal your password unless you give it to them on purpose. So don’t be that person who falls for one of these schemes.

About Hal Jordan

https://thegreenlanterns.wordpress.com/
This entry was posted in Security.